Commit b8517919 authored Aug 21, 2024 by Zhang Yi Committed by Zhihao Cheng Aug 21, 2024

iomap: don't mark blocks uptodate after partial zeroing

hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I9DN5Z


CVE: NA

--------------------------------

In __iomap_write_begin(), if we unaligned buffered write data to a hole
of a regular file, we only zero out the place where aligned to block
size that we don't want to write, but mark the whole range uptodate if
block size < folio size. This is wrong since the not zeroed part will
contains stale data and can be accessed by a concurrent buffered read
easily (on the filesystem may not hold inode->i_rwsem) once we mark the
range uptodate. At the same time, in the reading data branch, it's also
unnecessary to set the just read range uptodate since we are going to
set it immediately in __iomap_write_end(). Hence fix this by just drop
iomap_set_range_uptodate() in the zeroing out branch.

Fixes: 9dc55f13 ("iomap: add support for sub-pagesize buffered I/O without buffer heads")
Reported-by: Matthew Wilcox <willy@infradead.org>
Closes: https://lore.kernel.org/all/ZqsN5ouQTEc1KAzV@casper.infradead.org/


Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Zhihao Cheng <chengzhihao@huaweicloud.com>

parent 37c3a17b

fs/iomap/buffered-io.c

+0 −1

Original line number	Diff line number	Diff line
		@@ -761,7 +761,6 @@ int __iomap_write_begin(const struct iomap_iter *iter, loff_t pos,
		if (status)
		return status;
		}
		iomap_set_range_uptodate(folio, poff, plen);
		} while ((block_start += plen) < block_end);

		return 0;